Adaptive security architecture for protecting RESTful web services in enterprise computing environment

In this modern era of enterprise computing, the enterprise application integration (EAI) is a well-known industry-recognized architectural principle that is built based on loosely coupled application architecture, where service-oriented architecture (SOA) is the architectural pattern for the impleme...

Bibliographic Details
Main Authors: Beer, M.I., Hassan, M.F.
Format: Article
Published: Springer London 2018
Online Access: https://www.scopus.com/inward/record.uri?eid=2-s2.0-85035118910&doi=10.1007%2fs11761-017-0221-1&partnerID=40&md5=e6d147629cbbbe87a937d81457aa5b98
http://eprints.utp.edu.my/21517/
id my.utp.eprints.21517
record_format eprints
spelling my.utp.eprints.21517 2018-11-07T03:28:02Z Adaptive security architecture for protecting RESTful web services in enterprise computing environment Beer, M.I. Hassan, M.F.
In this modern era of enterprise computing, the enterprise application integration (EAI) is a well-known industry-recognized architectural principle that is built based on loosely coupled application architecture, where service-oriented architecture (SOA) is the architectural pattern for the implementation of EAI, whose computational elements are called as "services." Though SOA can be implemented in a wide range of technologies, the web services implementation of SOA becomes the current selective choice due to its simplicity that works on basic Internet protocols. Web service technology defines several supporting protocols and specifications such as SOAP and WSDL for communication with client and server for data interchange. A new architectural paradigm has emerged in SOA in recent years called REpresentational State Transfer (REST) that is also used to integrate loosely coupled service components, named RESTful web services, by system integration consortiums. This SOA implementation does not possess adequate security solutions within it, and its security is completely dependent on network/transport layer security that is obsolete owing to latest web technologies such as Web 2.0 and its upgraded version, Web 3.0. Vendor security products have major implementation constraints such as they need secured organizational environment and breach to SOA specifications, hence introducing new vulnerabilities. Herein, we examine the security vulnerabilities of RESTful web services in the view of popular OWASP rating methodologies and analyze the gaps in the existing security solutions. We hence propose an adaptive security solution for REST that uses public key infrastructure techniques to enhance the security architecture. The proposed security architecture is constructed as an adaptive way-forward Internet-of-Things (IoT) friendly security solution that is comprised of three cyclic parts: learn, predict and prevent. A novel security component named "intelligent security engine" is introduced which learns the possible occurrences of security threats on SOA using artificial neural networks learning algorithms, then it predicts the potential attacks on SOA based on obtained results by the developed theoretical security model, and the written algorithms as part of security solution prevent the SOA attacks. This paper is written to present one of such algorithms to prevent SOA attacks on RESTful web services along the discussion on the obtained results of the conducted proof-of-concept on the real-time SOA environment. A comparison of the proposed system with other competing solutions demonstrates its superiority. © 2017, Springer-Verlag London Ltd., part of Springer Nature.
Springer London 2018 Article PeerReviewed https://www.scopus.com/inward/record.uri?eid=2-s2.0-85035118910&doi=10.1007%2fs11761-017-0221-1&partnerID=40&md5=e6d147629cbbbe87a937d81457aa5b98 Beer, M.I. and Hassan, M.F. (2018) Adaptive security architecture for protecting RESTful web services in enterprise computing environment. Service Oriented Computing and Applications, 12 (2). pp. 111-121. http://eprints.utp.edu.my/21517/
institution Universiti Teknologi Petronas
building UTP Resource Centre
collection Institutional Repository
continent Asia
country Malaysia
content_provider Universiti Teknologi Petronas
content_source UTP Institutional Repository
url_provider http://eprints.utp.edu.my/
format Article
author Beer, M.I.
Hassan, M.F.
title Adaptive security architecture for protecting RESTful web services in enterprise computing environment
publisher Springer London
publishDate 2018